With development of open and global environments of computer communication such as the Internet, there occur an increasing number of unjustified practices, for example, to steal a glance at communication data or to falsify the data. Moreover, when a countermeasure is devise for an injustice, there immediately appears another trick for the injustice. Namely, there occurs a spiral of injustice and countermeasure. Compared with the conventional system of the past in which business and operation are carried out in a closed network of a firm, there exists an increased number of chances of unknown injustices in the system of today using the open environments. Consequently, there has been desired a new countermeasure which is not associated with a simple extension of the prior art. Turning out eyes to the immune system of the human body, the immune system prevents quite a large number of bacteria and viruses from entering the human body although there exist some exceptions. Additionally, even there appears an unknown bacterium or virus not existing in the space at present, the immune system can anyhow cope with such bacterium or virus. Assuming the human body to be a computer network and the bacteria and viruses to be injustices of various tricks, it is to be appreciated that there is required an immune system for the network. That is, it is desired to implement a function, like the immune system of the human body, to cope with a large number of unknown injustices taking place in the computer network.
An article "A Biologically Inspired Immune System For Computers" written by Jeffrey O. Kephart and published from MIT Press in 1994 has disclosed heretofore a method of detecting and coping with injustices in a computer network.
FIG. 9 shows a conventional method. In FIG. 9, reference numerals 1001 to 1018 respectively indicate computers each including a communicating function.
Assume that a computer virus enters the computer 1001 at time 1 and is rejected, and hence the computer 1001 is immune to the computer virus. In the immunized state, the computer retains a state in which the computer memorizes associated information to immediately cope with another invasion of the same computer virus. In this situation, the computer 1001 sends a "sterilization signal" to the computers 1002 to 1006 adjacent thereto. The sterilization signal notifies that the computer of the transmission source is infected with the computer virus and includes a scanning symbol string and restoring information useful for the receiving computer to detect and cope with the computer virus. Assume that among the computers 1002 to 1006 having received the sterilization signal, the computers 1002, 1004, and 1006 have already been infected with the computer virus. Furthermore, it is assumed that the computers 1007, 1008, 1011, 1013, and 1018 have also been infected with the computer virus at time 1.
At time 2, the computers 1002 to 1006 beforehand infected with the computer virus repulse the virus in accordance with the sterilization signal to obtain immunity against the virus. Thereafter, the computers 1002 to 1006 further send the sterilization signal to the adjacent computers. Although the computers 1003 and 1005 not infected with the virus obtain immunity against the virus in accordance with the sterilization signal, these computers do not further send the sterilization signal to the adjacent computers.
In this method, if the speed of propagation of the sterilization signal through the network is higher than the infection speed of the computer virus, it is possible to prevent infection of the computer virus to some extent.
However, the known example is attended with the following drawbacks or problems.
First, when two or more points are infected with the computer virus in an initial stage, the method cannot satisfactorily cope with the infection of the virus. For example, if the infection takes place in the computer 1010 in addition to the computer 1001 in FIG. 10, the sterilization signal from the computer 1001 is not passed to the computer 1010 and hence it is impossible to repulse the virus in the computer 1010. As a result, there exits a fear that the computer virus infected from the computer 1010 possibly invades the network via another adjacent computer beyond the computer 1010. Namely, although the computer virus is detected in the computer 1001 as the first virus infection place and the countermeasure is thus known, it is impossible to sufficiently utilize information of the event for the prevention of infection with the virus.
Second, the sterilization signal is not completely reliable. For example, the computer 1002 is invaded by the computer virus at time 1 and is hence partly unreliable. It cannot be confirmed at time 2 that the computer 1002 is completely recovered. The computer 1008 operates in response to the sterilization signal declared by the computer 1002. Actually, however, the computer 1002 is not yet completely recovered at this point, and hence there is a fear that the computer 1002 sends an incorrect "sterilization signal" to deteriorate the overall network, which is not the object of the signal. In a paragraph of the conclusion of the article above, this point has been described as a problem to be solved in the future.
Third, consideration has been given only to injustices of computer viruses. For example, an attempt of an unauthorized access from an external device to the computer has not been taken into consideration. Such an injustice other than the computer virus cannot be sufficiently coped with by the transmission of the sterilization signal. Depending on cases, it is necessary to transmit a countermeasure software for its execution. Moreover, if a "suppression signal" to suppress operation at appropriate timing is not supplied to the countermeasure software, there possibly increases the chance of runaway of the software or the like to damage normal functions. However, this point has not been described in the above article.
Fourth, the method provides only insufficient quarantine for data from an external network. Heretofore, software called a firewall is installed in a place to be connected via the external network; alternatively, when a magnetic disk or a compact disk is mounted, there is introduced a vaccine software to prevent a program conducting injustices from entering the associated computers. However, in the present stage of art, there exists neither means to confirm reliability of the setting of the firewall nor means to guarantee management in which the latest vaccine software is activated in each computer.
Fifth, the quarantine is insufficient for data having possibility of injustice. The conventional vaccine software (fixed type security dedicated software) detects, in accordance with past instances of sufferings, a virus by use of a data layout characteristic to data when the virus is parasitic on a file system or a memory. In consequence, it is impossible at present to detect injustices caused by a virus of a new type.
It is therefore an object of the present invention to provide a method of and a device for managing a computer network capable of coping with simultaneous invasion of computer viruses at a plurality of positions of the computer network.
Another object of the present invention is to provide a method of and a device for managing a computer network capable of ensuring the reliability of a security software.
Still another object of the present invention is to provide a method of and a device for managing a computer network capable of suppressing a possible runaway of a security software.
Further another object of the present invention is to provide a method of and a device for managing a computer network capable of improving safety for data from an external network.
Another object of the present invention is to provide a method of and a device for managing a computer network capable of immediately detecting outbreak of a computer virus of a new type.